Re: mj + /var/spool/mail - not spamassassin

[David . While @ uce . ac . uk]

I'm not sure the courts would allow mail to had been "manipulated" to be
used as evidence - how do they know your software hasn't changed some of
the info. You are better to use standard tools to detect spam and then use
these to gain evidence. The system I use is MailScanner
(www.mailscanner.info) together with spamassassin.

MailScanner is highly configurable and will log details to the standard
mail logs it is highly proven and there are analysis packages available for
it. I analyse my mail log and produce statistics which you can view at
http://www.boys-brigade.org.uk/mrtg/

-----------------------------------------------------------------
David While
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211


                                                                                                                                                
                      Alvin Oga                                                                                                                 
                      <alvin@planet.fef.com>            To:       dliston@sonny.org (Daniel Liston)                                             
                      Sent by:                          cc:       majordomo-users@greatcircle.com, alvin@planet.fef.com (Alvin Oga)             
                      majordomo-users-owner@grea        Subject:  Re: mj + /var/spool/mail - not spamassassin                                   
                      tcircle.com                                                                                                               
                                                                                                                                                
                                                                                                                                                
                      04/01/2003 20:29                                                                                                          
                                                                                                                                                
                                                                                                                                                






hi ya dan

thanx for the feedback, but this is NOT trying to detect spam...

idea is to record all "known-to-spam" and use the collected
database as a tool in the courts etc... that the spammer
sent the same spam jibberish to n-tuple users

rbls and blacklists are good ...but not useful in courts...

just wondering why mj can not see the incoming /var/spool/mail/foo
while its running but can see the the mailbox  afterward

oh well
alvin
http://www.linux-sec.net/Mail/AntiSpam ... anti-spam stuff

> Daniel Liston wrote:
>
> Not really on topic for majordomo, but.....
>
> It looks like your spamcollector alias is creating a loop to itself.
>
> Why not use pre-existing tools like spamassassin or spambouncer with
> procmail to do what you are trying to do?  Both have capabilities to
> use RBLs, report spam, and blacklist or whitelist addresses.
>
> Snortmonster is another spam detection tool you might find barely
> more accurate than spamassassin, just not quite as popular, yet.
>
> Dan Liston
>